To be consistent with up2date, yum should be configured OOTB to check GPG keys.
This is me giving the big non-committal shrug. If that's what Red Hat wishes to do with the Fedora package of yum, that's fine by me. It's a config file change.
I definitely think it should default safe. Even if it then points the user at a URL about keys and stuff, it should stop errors first, IMHO.
While I agree the default should be "safe", I see no reason to diverge from upstream. yum is installing packages well; adding key ring management to that task will decrease reliability.
I'm not sure I understand Comment #3. Yum already has GPG key checking included (via the RPM database, like up2date), it is just not configured to use it by default.
I'm fine with gpgcheck=1 being on in yum. Installing keys is not difficult; there are LOTS of instructions for how to do it, and yum exits reasonably nicely with an error about how the user should either install the right keys or disable gpgcheck=1. I agree that gpgchecks are a good idea, I'm just not sure how much they matter considering users don't pay attention to them anyway.
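
An added example, not part of the thread above and not yum's own code: a Python check that reports which repositories end up with GPG checking disabled once the `[main]` `gpgcheck` value and per-repo overrides are combined. The file contents are constructed samples, the function names are hypothetical, and an absent `gpgcheck` is assumed to mean disabled, as the thread describes for the default configuration.

```python
import configparser

TRUE_VALUES = {"1", "yes", "true", "on"}

# Constructed sample files (not taken from any real system).
SAMPLE_YUM_CONF = """\
[main]
gpgcheck=0
"""
SAMPLE_REPO_FILE = """\
[base]
baseurl=http://mirror.example.invalid/base/
gpgcheck=1

[updates]
baseurl=http://mirror.example.invalid/updates/

[testing]
baseurl=http://mirror.example.invalid/testing/
gpgcheck=no
"""

def _parse(text):
    # interpolation=None so '%' in URLs is not treated as a format marker.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser

def effective_gpgcheck(main_conf_text, repo_texts):
    """Return {repo_id: bool}: per-repo gpgcheck, falling back to [main]."""
    main = _parse(main_conf_text)
    # Assumption: an absent gpgcheck means "off", as the thread describes.
    main_default = main.get("main", "gpgcheck", fallback=None)
    result = {}
    for parser in [main] + [_parse(t) for t in repo_texts]:
        for section in parser.sections():
            if section == "main":
                continue
            value = parser.get(section, "gpgcheck", fallback=main_default)
            result[section] = (value or "").strip().lower() in TRUE_VALUES
    return result

def unchecked_repos(main_conf_text, repo_texts):
    """Sorted repo ids whose packages would be installed without a GPG check."""
    status = effective_gpgcheck(main_conf_text, repo_texts)
    return sorted(repo for repo, ok in status.items() if not ok)

if __name__ == "__main__":
    for repo in unchecked_repos(SAMPLE_YUM_CONF, [SAMPLE_REPO_FILE]):
        print(f"gpgcheck disabled for repo: {repo}")
```

Setting `gpgcheck=1` in `[main]` fixes repositories that inherit the default, but a repo with an explicit `gpgcheck=no` stays unchecked until its own entry is changed.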